I’ve continued to add entities to my list of firms or entities where employee W-2 information was successfully phished by emails purporting to be from an entity’s executive. One notification I read this morning made me cringe because the firm that was successfully phished has contracts with the government involving mission critical systems for U.S. and coalition…
Category: Phishing
Another Greenshades client discloses breach of employee info
Add University of the Southwest to your list of those notifying current and former employees that their W-2 or payroll information was accessed without authorization from their vendor, Greenshades. But don’t jump to conclude that the fault is with Greenshades, because the tax filing vendor says the problem is not with them. Following up on previous breach…
Meanwhile, back at the phishing for W-2 department…
After 24 days of updating my scratch list of incidents involving phishing for W-2 information (business email compromise), I decided to take stock and try to organize what we have so far. I was surprised to see that there were already 90 incidents (make that 126 as of May 18th). Most of these entries were found…
FBI: $2.3 Billion Lost to CEO Email Scams
While I keep updating my leetle list of entities disclosing their employees’ W-2 data has been phished, Brian Krebs reports that the FBI has issued an alert: The U.S. Federal Bureau of Investigation (FBI) this week warned about a “dramatic” increase in so-called “CEO fraud,” e-mail scams in which the attacker spoofs a message from the boss…
Metropolitan Jewish Health System notifies members and patients of phishing incident
Notice Regarding Phishing Email Incident Metropolitan Jewish Health System, Inc. and its participating agencies and programs (including Menorah Home and Hospital for the Aged and Infirm d/b/a Menorah Center for Rehabilitation and Nursing Care; Metropolitan Jewish Home Care, Inc. d/b/a MJHS Home Care; MJHS Hospice and Palliative Care, Inc.; Institute for Applied Gerontology d/b/a MJHS…
Mattel nearly loses $3M to a phishing scam
Bryan Clark reports: A finance executive fell victim to a phishing scam that saw the Los Angeles-based maker of children’s toys wire a cool $3 million to Chinese hackers. Expertly timed during a period of corporate change, the email hit the inbox of the unnamed executive and requested a new vendor payment in the amount of…